OpenStack Ironic: Pre-Validation Checksum Calculation allows Denial of Service (DoS) via Infinite Block Devices

In OpenStack Ironic through 35.x before a3f6d73, during image handling, an infinite loop in checksum calculations can occur via the file:///dev/zero URL...

DEBIAN-CVE-2026-44919

In OpenStack Ironic through 35.x before a3f6d73, during image handling, an infinite loop in checksum calculations can occur via the file:///dev/zero URL...

CVE-2026-44919

In OpenStack Ironic through 35.x before a3f6d73, during image handling, an infinite loop in checksum calculations can occur via the file:///dev/zero URL...

CVE-2026-44919

In OpenStack Ironic through 35.x before a3f6d73, during image handling, an infinite loop in checksum calculations can occur via the file:///dev/zero URL...

CVE-2026-44919

In OpenStack Ironic through 35.x before a3f6d73, during image handling, an infinite loop in checksum calculations can occur via the file:///dev/zero URL...

CVE-2026-44919

In OpenStack Ironic through 35.x before a3f6d73, during image handling, an infinite loop in checksum calculations can occur via the file:///dev/zero URL...

Linux Distros Unpatched Vulnerability : CVE-2026-31654

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: mm/vma: fix memory leak in mmapregion commit 605f6586ecf7 mm/vma: do not leak memory when...

SUSE CVE-2026-31654

In the Linux kernel, the following vulnerability has been resolved: mm/vma: fix memory leak in mmapregion commit 605f6586ecf7 "mm/vma: do not leak memory when .mmapprepare swaps the file" handled the success path by skipping getfile via filedoesntneedget, but missed the error path. When /dev/zero...

EUVD-2026-25547

In the Linux kernel, the following vulnerability has been resolved: mm/vma: fix memory leak in mmapregion commit 605f6586ecf7 "mm/vma: do not leak memory when .mmapprepare swaps the file" handled the success path by skipping getfile via filedoesntneedget, but missed the error path. When /dev/zero...

CVE-2026-31654

In the Linux kernel, the following vulnerability has been resolved: mm/vma: fix memory leak in mmapregion commit 605f6586ecf7 "mm/vma: do not leak memory when .mmapprepare swaps the file" handled the success path by skipping getfile via filedoesntneedget, but missed the error path. When /dev/zero...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002138)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002138 advisory. The clearuser function in arch/arm64/lib/clearuser.S in the Linux kernel before 3.17.4 on the ARM64 platform allows local users to cause a denial of service system...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001908)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001908 advisory. The clearuser function in arch/arm64/lib/clearuser.S in the Linux kernel before 3.17.4 on the ARM64 platform allows local users to cause a denial of service system...

EUVD-2025-24647

Malicious code in bioql PyPI...

SUSE CVE-2025-55199

Helm is a package manager for Charts for Kubernetes. Prior to version 3.18.5, it is possible to craft a JSON Schema file in a manner which could cause Helm to use all available memory and have an out of memory OOM termination. This issue has been resolved in Helm 3.18.5. A workaround involves...

AZL-66318 CVE-2025-55199 affecting package helm 3.14.2-10

Helm is a package manager for Charts for Kubernetes. Prior to version 3.18.5, it is possible to craft a JSON Schema file in a manner which could cause Helm to use all available memory and have an out of memory OOM termination. This issue has been resolved in Helm 3.18.5. A workaround involves...

Allocation of Resources Without Limits or Throttling

Overview helm.sh/helm/v3/pkg/chartutil is a package manager for kubernetes. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the processing of JSON Schema files containing $ref fields that point to device files such as /dev/zero. An...

Allocation of Resources Without Limits or Throttling

Overview github.com/helm/helm/pkg/chartutil is a package manager for kubernetes. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the processing of JSON Schema files containing $ref fields that point to device files such as /dev/zero. An...

Helm Charts with Specific JSON Schema Values Can Cause Memory Exhaustion

A Helm contributor discovered that it was possible to craft a JSON Schema file in a manner which could cause Helm to use all available memory and have an out of memory OOM termination. Impact A malicious chart can point $ref in values.schema.json to a device e.g. /dev/ or other problem file which...

CVE-2025-55199 Helm Charts with Specific JSON Schema Values Can Cause Memory Exhaustion

Helm is a package manager for Charts for Kubernetes. Prior to version 3.18.5, it is possible to craft a JSON Schema file in a manner which could cause Helm to use all available memory and have an out of memory OOM termination. This issue has been resolved in Helm 3.18.5. A workaround involves...

CVE-2025-55199

CVE-2025-55199 (Helm) : Pre-3.18.5 Helm can craft a JSON Schema file that may cause Helm to consume all memory and terminate with an OOM. The issue is resolved in Helm 3.18.5. A workaround is to ensure loaded charts do not reference /dev/zero via $ref. Remediation: upgrade to Helm 3.18.5 or later...